GeekMasher's Blog

Building a CodeQL Extractor from Scratch

This is a deep-dive into building a CodeQL Extractor from scratch using Tree-Sitter and Rust.

Series - Building a CodeQL Language from Scratch

A series of posts that guides you through the process of building CodeQL language support from scratch.

Talk - 'Deep-dive into Containers and How to Secure Them'

Containers are a fundamental building block for modern applications, but they bundle a large amount of third-party code. Identifying what’s inside an image (and which versions) is critical for security. This post summarises a January 2025 presentation at Defcon 44131 covering how containers work, why SCA (Software Composition Analysis) matters, common open-source tooling (Syft/Grype, Trivy, Docker Scout, Clair) and an introduction to Konarr — an SCA platform focused on containers. It closes with pragmatic steps to reduce risk: scan early, monitor continuously, patch often, and shrink the attack surface.

Talk - 'Konarr: A Story of Building a Software Composition Analysis Platform' at DC44131

Local Defcon chapter talk on ‘Konarr: A Story of Building a Software Composition Analysis Platform’

Launching Konarr

Konarr is a new open source project developed as a simple, easy-to-use supply chain monitoring tool for your homelab.